Re: Encryption key length (RC4 and Blowfish)

From: Gregory G Rose (ggr_at_qualcomm.com)
Date: 07/10/04 

Date: 10 Jul 2004 04:32:15 -0700

In article <1b54be99.0407100245.4bad381b@posting.google.com>,
XLNGS <newsgroup@xlteknologies.com> wrote:
>ggr@qualcomm.com (Gregory G Rose) wrote in message news:<ccm571$9r7@qualcomm.com>...
>
>> Bartosz already answered, but I'll add a bit. The
>> current literature talks about
>> "distinguishability", in the sense that, if you
>> can tell the difference between the encrypted
>> output and random numbers with a non-negligible
>> probability of being right more often than wrong,
>> the cipher would be considered (by many) to be
>> broken.
>Yea...I was talking about "distinguishability". OK now if there is a
>chance of being distinguished, by analysing the encrypted data, then a
>simple shuffling will be enough to make it non-distinguishable, won't
>it?

I'm not sure. I guess it depends on what you mean
by a "simple shuffling". Just moving around the
bytes in RC4 doesn't disguise the fact that there
are too many zeros and too few 0xFFs, so that
wouldn't help. Shuffling bytes between blocks in
Blowfish certainly complicate any analysis, and if
it complicates it past the point where you'd be
able to enumerate the key would, in some sense,
fix it. But those are just my assumptions about
what you might have meant...

Greg. 

-- 
Greg Rose
232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
Qualcomm Australia: http://www.qualcomm.com.au